MSP’s Guide To Azure® Active Directory®

By George Lattimore Posted January 24, 2019


As MSPs observe Microsoft®’s shift to the cloud, many are wondering whether Azure services could be helpful to their business, and ultimately, their clients. This post is an MSP’s guide to Azure® Active Directory®. It is critical for MSPs to understand Microsoft’s intent with Azure AD. It is easy to assume that Azure AD is a replacement for the on-prem Active Directory, but as we’ll explain, that isn’t the case.

Following the Azure Daisy Chain

Azure Active Directory is the user management system for Azure and a web application single sign-on (SSO) solution. Microsoft’s identity management strategy has been to encourage IT admins to utilize Active Directory on-prem with a domain controller to manage user access to on-prem Windows systems and applications. Admins are then expected to leverage Azure AD Connect to bridge the core identity on-prem to Azure AD. From there, the identity can be utilized by Azure AD DS (domain services) within Azure Compute, Office 365™, and with web applications.

When stepping back and looking at all of this architecture, MSPs should realize a few key points. The first is that Azure Active Directory is a user management solution for Azure and an SSO to web applications. Unfortunately, it struggles with IT resources beyond this scope, making it a lackluster solution to manage an entire enterprise. Secondly, Azure AD isn’t a replacement to the on-prem Active Directory identity management solution. As a Microsoft representative explained, “Azure Active Directory is not designed to be the cloud version of Active Directory.” Third, Azure Active Directory is one solution in a suite of identity and access management solutions (e.g. AD, Azure AD Connect, Azure AD DS, and more).

To recap, here are some key points to understand about Azure AD:

  1. Azure AD is a user management solution (not a directory service)
  2. Not a replacement for on-prem Active Directory
  3. Azure AD is part of a suite of Microsoft IAM solutions
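As an added illustration of the daisy chain above (example code written for this edit, not from the original post, Microsoft, or JumpCloud): a small Python check that reads organization and user records shaped like Microsoft Graph responses and reports which accounts are bridged from on-prem AD through Azure AD Connect, which exist only in Azure AD, and whether the last sync is stale. The records are constructed sample data; the property names are real Graph properties, and the three-hour staleness threshold is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of GET /v1.0/organization and
# GET /v1.0/users?$select=... from Microsoft Graph (values are made up).
ORG = {"onPremisesSyncEnabled": True,
       "onPremisesLastSyncDateTime": "2019-01-24T08:00:00Z"}
USERS = [
    {"userPrincipalName": "alice@contoso.example", "userType": "Member",
     "onPremisesSyncEnabled": True, "onPremisesImmutableId": "Q29uc3RydWN0ZWQ=",
     "onPremisesSamAccountName": "alice"},
    # Created directly in Azure AD: never existed in the on-prem domain.
    {"userPrincipalName": "svc-backup@contoso.example", "userType": "Member",
     "onPremisesSyncEnabled": None, "onPremisesImmutableId": None,
     "onPremisesSamAccountName": None},
    {"userPrincipalName": "bob_gmail.com#EXT#@contoso.example", "userType": "Guest",
     "onPremisesSyncEnabled": None, "onPremisesImmutableId": None},
]

def parse_graph_time(value):
    """Graph returns UTC timestamps such as 2019-01-24T08:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def sync_is_stale(org, now, max_age=timedelta(hours=3)):
    """True when AD Connect sync is enabled but the last cycle is older than
    max_age (assumed threshold); False when sync is off or recent."""
    if not org.get("onPremisesSyncEnabled"):
        return False
    last = parse_graph_time(org["onPremisesLastSyncDateTime"])
    return now - last > max_age

def classify_users(users):
    """Split accounts by identity source: synced from on-prem AD via Azure AD
    Connect, cloud-only (created in Azure AD), or external guests."""
    out = {"synced": [], "cloud_only": [], "guest": []}
    for u in users:
        if u.get("userType") == "Guest":
            out["guest"].append(u["userPrincipalName"])
        elif u.get("onPremisesSyncEnabled") and u.get("onPremisesImmutableId"):
            out["synced"].append(u["userPrincipalName"])
        else:
            out["cloud_only"].append(u["userPrincipalName"])
    return out

if __name__ == "__main__":
    print(classify_users(USERS))
    print("stale:", sync_is_stale(ORG, parse_graph_time("2019-01-24T12:00:00Z")))
```

Cloud-only members are the accounts that the on-prem domain controller knows nothing about, which is exactly the gap the article describes when Azure AD is treated as a replacement for AD.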

The Reality for Managing the Modern Office

For MSPs that are looking to manage user access to on-prem Windows® devices, macOS®, and Linux® systems, AWS®, G Suite™, and other IT resources, Azure AD will struggle to be the core identity management platform. Further, for those MSPs also looking for endpoint management, Azure AD will require Intune and SCCM to control Windows machines and mobile devices. In short, the Microsoft approach is to create Windows-based user and system management through a suite of different solutions both on-prem and in the cloud.

An alternative to this approach of leveraging a number of different Microsoft solutions is to find a comprehensive cloud identity management solution. Ideally, this solution would encompass centralized user management (for on-prem and cloud resources), True Single Sign-On™, cross-platform system management, cloud LDAP, RADIUS-as-a-Service, 2FA, and more. Ideally this solution would be platform agnostic (Mac®, Windows, and Linux) and able to manage modern office environments where clients are free to choose the best tools, platforms, and resources for the job, regardless of location, platform, protocol, or provider.

Comparing Directory-as-a-Service®

One next generation identity management solution that bundles all of these services together for MSPs and their clients is JumpCloud® Directory-as-a-Service®. This all-in-one cloud directory is tailored specifically to meet the needs of MSPs looking for centralized remote client management, and it features a Multi-Tenant Portal (MTP) for performing core IT functions across all clients. Designed specifically for Partners, MSP admins can move quickly and securely between tenant control panels in the MTP to do their work more efficiently. Furthermore, JumpCloud’s Partner Program provides MSPs with free hands-on technical support, training, competitive margins, referral payouts, and the opportunity to generate co-marketing campaigns.

Key Differences with Directory-as-a-Service

  1. Fully Replaces AD
  2. Cross-Platform Enablement (Mac, Linux, and Windows)
  3. Flexibility with AWS, LDAP, Cloud RADIUS, etc. (No Add-ons Required)
  4. Multi-Tenant Portal

Learn More About JumpCloud

Are you interested in hearing more about Azure Active Directory, or Directory-as-a-Service as a serverless alternative? Send our Partner Support team a note, and we’ll be happy to follow up with more details. Signing up your first 10 users is free, so go ahead and explore the platform for yourself if you’re ready, or apply to be an official Partner today.

George Lattimore

George is a writer at JumpCloud, a central source for authenticating, authorizing, and managing your IT infrastructure through the cloud. With a degree in Marketing and an MS in Public Communications and Technology, George enjoys writing about how the IT landscape is adapting to a diversified field of technology.